> Every single release with iOS has been totally broken security-wise, as can seen from the existence of jailbreaks.
The jailbreaks for recent versions of iOS only allow jailbreaking unlocked devices, at which point security is already compromised.
> And thanks to their policy you must browse with Safari WebKit, which is a nice juicy ~40% browser share target.
In iOS 8 they allowed other apps to use the same JIT engine Safari does[1]. This makes me inclined to take them on their word when they say it was previously disallowed for security reasons (some early jailbreaks could be done just by visiting a web page, using security holes in Safari's javascript JIT).
> What? You must mean something else because unlocked devices aren't (necessarily) compromised.
I mean compromised in the sense that the malicious party now (for example) has access to the user's email, and would be able to reset a whole host of passwords for online services (assuming they don't use 2FA or something similar, which most users don't). If they wanted to install a keylogger, or get saved passwords, then yes they still have to jailbreak my device. This xkcd is relevant: https://xkcd.com/1200/
I think we must be using "unlocked" in different ways. I'm intending it in what I think is the conventional way for this context: when the device's cellular subsystem is not electronically locked to a particular cellular service provider.
You're absolutely right, I should've picked a different word. I mean unlocked in the lock-screen/password sense. Of course, messing with carrier settings is not easily done even if the phone is not carrier-locked, and pulling of an exploit that way is even more difficult.
The jailbreaks for recent versions of iOS only allow jailbreaking unlocked devices, at which point security is already compromised.
> And thanks to their policy you must browse with Safari WebKit, which is a nice juicy ~40% browser share target.
In iOS 8 they allowed other apps to use the same JIT engine Safari does[1]. This makes me inclined to take them on their word when they say it was previously disallowed for security reasons (some early jailbreaks could be done just by visiting a web page, using security holes in Safari's javascript JIT).
[1]: http://9to5mac.com/2014/06/03/ios-8-webkit-changes-finally-a...